HP VPN Firewall Appliances Network Management Configuration Guide

from the one to which the real MAC address is connected, the device creates an entry for the forged
MAC address, and forwards frames destined for the legitimate user to the hacker instead.
To improve port security, you can bind specific user devices to the port by manually adding MAC address
entries to the MAC address table of the device.
Types of MAC address entries
A MAC address table can contain the following types of entries:
Static entries—Manually added and never age out.
Dynamic entries—Manually added or dynamically learned, and might age out.
Destination blackhole entries—Manually configured and never age out. They are configured for
filtering out frames with specific destination MAC addresses. For example, to block all packets
destined for a specific user for security concerns, you can configure the MAC address of this user
as a destination blackhole MAC address entry.
A static or destination blackhole MAC address entry can overwrite a dynamic MAC address entry, but
not vice versa.
To adapt to network changes and prevent inactive entries from occupying table space, the device applies
an aging mechanism to dynamic MAC address entries. Each time a dynamic MAC address entry is
learned or created, an aging timer starts. If the entry has not been updated when the aging timer expires,
the device deletes the entry. If the entry is updated before the aging timer expires, the aging timer restarts.
MAC address table-based frame forwarding
When forwarding a frame, the device uses one of the following forwarding modes based on the MAC
address table:
Unicast mode—If an entry matching the destination MAC address exists, the device forwards the
frame directly from the sending port recorded in the entry.
Broadcast mode—If the device receives a frame with the destination address being all Fs, or no
entry matches the destination MAC address, the device broadcasts the frame to all the ports except
the receiving port.
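
The entry types, the overwrite rule, the aging timer and the two forwarding modes described above can be modeled in a few lines. This is an added example, not code from the HP guide or the device firmware; the class name, the 300-second aging value and the sample MAC address and port numbers are assumptions made for illustration. It shows that a forged source MAC moves a dynamic entry, while a static entry keeps the user bound to its port.

```python
AGING_SECONDS = 300  # assumed value for this model, not taken from the guide
BROADCAST = "ff:ff:ff:ff:ff:ff"

class MacTable:
    """Toy model of the table described above (static, dynamic, blackhole)."""
    def __init__(self, aging=AGING_SECONDS):
        self.aging = aging
        self.entries = {}  # mac -> {"type", "port", "seen"}

    def add_manual(self, mac, kind, port=None):
        # Static and blackhole entries never age out and overwrite dynamic ones.
        if kind not in ("static", "blackhole"):
            raise ValueError(kind)
        self.entries[mac] = {"type": kind, "port": port, "seen": None}

    def learn(self, src_mac, port, now):
        # Dynamic learning from a frame's source MAC; restarts the aging timer.
        cur = self.entries.get(src_mac)
        if cur and cur["type"] != "dynamic":
            return False  # dynamic cannot overwrite static or blackhole
        self.entries[src_mac] = {"type": "dynamic", "port": port, "seen": now}
        return True

    def expire(self, now):
        # Drop dynamic entries not updated before the aging timer expired.
        stale = [m for m, e in self.entries.items()
                 if e["type"] == "dynamic" and now - e["seen"] >= self.aging]
        for mac in stale:
            del self.entries[mac]

    def forward(self, dst_mac, in_port, ports, now):
        # Return the egress ports for one frame.
        self.expire(now)
        entry = self.entries.get(dst_mac)
        if entry and entry["type"] == "blackhole":
            return []  # destination blackhole: frame is filtered
        if dst_mac == BROADCAST or entry is None:
            return [p for p in ports if p != in_port]  # broadcast mode
        return [entry["port"]]  # unicast mode

def demo():
    ports, user = [1, 2, 3], "00:11:22:33:44:55"  # constructed sample values
    t = MacTable()
    t.learn(user, 1, now=0)
    t.learn(user, 3, now=10)             # forged source MAC seen on port 3
    moved = t.forward(user, 2, ports, now=20)
    t.add_manual(user, "static", port=1)  # bind the user to port 1
    rejected = not t.learn(user, 3, now=40)
    pinned = t.forward(user, 2, ports, now=10_000)
    return moved, rejected, pinned
```

demo() returns the egress ports before the static binding, whether the later forged learn was rejected, and the egress ports long after the aging time has passed.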
Configuring the MAC address table in the Web interface
Adding a MAC address entry
1. Select Network > MAC > MAC from the navigation tree.
The MAC address table page appears, as shown in Figure 31.